[wp-trac] [WordPress Trac] #34178: Text Widget accept only inline style tag
WordPress Trac
noreply at wordpress.org
Tue Oct 6 23:46:35 UTC 2015
#34178: Text Widget accept only inline style tag
-----------------------------+---------------------
 Reporter:  miguelmuller     |       Owner:
     Type:  feature request  |      Status:  closed
 Priority:  normal           |   Milestone:
Component:  Widgets          |     Version:
 Severity:  normal           |  Resolution:  fixed
 Keywords:                   |     Focuses:
-----------------------------+---------------------
Changes (by jeremyfelt):

 * status: reopened => closed
 * resolution: => fixed
 * milestone: Awaiting Review =>

Comment:

 `<style>` is one of the HTML tags allowed for a user with the
 `unfiltered_html` capability. I can imagine cases where site owners use
 the text widget specifically to insert inline style - however wise/unwise
 that may be. :)

 One method to approach this would be extra sanitization via filter (see
 `widget_text`) in a plugin. There are likely others as well, including
 replacing the default text widget provided by WordPress with a more custom
 one. Adding extra sanitization to remove `<style>` by default is not
 something that we can do here.

 Thank you for the report and the resulting conversation!

--
Ticket URL: <https://core.trac.wordpress.org/ticket/34178#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
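
One way to do the extra sanitization via the `widget_text` filter mentioned in the comment above, as an added example that is not part of the ticket or of WordPress core. The function name `example_strip_style_elements` and the sample strings are assumptions made for illustration.

```php
<?php
/**
 * Plugin Name: Strip style elements from text widgets (added example)
 */

// Hypothetical helper: removes <style> elements, CSS included, from widget text.
// It does not touch style="" attributes, and it only changes what is rendered;
// the text stored in the widget settings is left as the user saved it.
function example_strip_style_elements( $text ) {
	if ( ! is_string( $text ) || false === stripos( $text, '<style' ) ) {
		return $text;
	}
	$patterns = array(
		// Closed element: drop the tags and the CSS between them, so the rules
		// are not left behind as visible text.
		'#<style(?=[\s/>])[^>]*>.*?</style(?=[\s/>])[^>]*>#is',
		// Unclosed element: a browser treats everything after it as CSS, so
		// drop from the opening tag to the end of the text.
		'#<style(?=[\s/>])[^>]*>.*\z#is',
	);
	$clean = preg_replace( $patterns, '', $text );
	// preg_replace() returns null on a PCRE error; fail closed with no output.
	return null === $clean ? '' : $clean;
}

if ( function_exists( 'add_filter' ) ) {
	// Inside WordPress: run on every text widget's content before display.
	add_filter( 'widget_text', 'example_strip_style_elements' );
} else {
	// Outside WordPress (php this-file.php): constructed sample inputs.
	$samples = array(
		'<p>Hello</p><style>body { display: none; }</style><p>World</p>',
		'<STYLE type="text/css">p { color: red }</STYLE >Visible',
		'Intro <style>.x { margin: 0 }',
		'<p style="color: red">attribute kept</p>',
	);
	foreach ( $samples as $sample ) {
		echo var_export( example_strip_style_elements( $sample ), true ), PHP_EOL;
	}
}
```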